ACM

Code of Ethics

Commitment to ethical professional conduct is expected
of every member (voting members, associate members, and student members)
of the Association for Computing Machinery (ACM).

This Code, consisting of 24 imperatives formulated as statements of
personal responsibility, identifies the elements of such a commitment.
It contains many, but not all, issues professionals are likely to face.Section
1
outlines fundamental ethical considerations, while Section
2 addresses additional, more specific considerations of professional
conduct. Statements inSection
3 pertain more specifically to individuals who have a leadership role,
whether in the workplace or in a volunteer capacity such as with organizations
like ACM. Principles involving compliance with this Code are given in Section
4.

The Code shall be supplemented by a set of Guidelines, which provide
explanation to assist members in dealing with the various issues contained
in the Code. It is expected that the Guidelines will be changed more frequently
than the Code.

The Code and its supplemented Guidelines are intended to serve as a
basis for ethical decision making in the conduct of professional work.
Secondarily, they may serve as a basis for judging the merit of a formal
complaint pertaining to violation of professional ethical standards.

It should be noted that although computing is not mentioned in the imperatives
of Section
1, the Code is concerned with how these fundamental imperatives apply
to one's conduct as a computing professional. These imperatives are expressed
in a general form to emphasize that ethical principles which apply to computer
ethics are derived from more general ethical principles.

It is understood that some words and phrases in a code of ethics are
subject to varying interpretations, and that any ethical principle may
conflict with other ethical principles in specific situations. Questions
related to ethical conflicts can best be answered by thoughtful consideration
of fundamental principles, rather than reliance on detailed regulations.

This principle concerning the quality of life of all people affirms
an obligation to protect fundamental human rights and to respect the diversity
of all cultures. An essential aim of computing professionals is to minimize
negative consequences of computing systems, including threats to health
and safety. When designing or implementing systems, computing professionals
must attempt to ensure that the products of their efforts will be used
in socially responsible ways, will meet social needs, and will avoid harmful
effects to health and welfare.

In addition to a safe social environment, human well-being includes
a safe natural environment. Therefore, computing professionals who design
and develop systems must be alert to, and make others aware of, any potential
damage to the local or global environment.

"Harm" means injury or negative consequences, such as undesirable
loss of information, loss of property, property damage, or unwanted environmental
impacts. This principle prohibits use of computing technology in ways that
result in harm to any of the following: users, the general public, employees,
employers. Harmful actions include intentional destruction or modification
of files and programs leading to serious loss of resources or unnecessary
expenditure of human resources such as the time and effort required to
purge systems of "computer viruses."

Well-intended actions, including those that accomplish assigned duties,
may lead to harm unexpectedly. In such an event the responsible person
or persons are obligated to undo or mitigate the negative consequences
as much as possible. One way to avoid unintentional harm is to carefully
consider potential impacts on all those affected by decisions made during
design and implementation.

To minimize the possibility of indirectly harming others, computing
professionals must minimize malfunctions by following generally accepted
standards for system design and testing. Furthermore, it is often necessary
to assess the social consequences of systems to project the likelihood
of any serious harm to others. If system features are misrepresented to
users, coworkers, or supervisors, the individual computing professional
is responsible for any resulting injury.

In the work environment the computing professional has the additional
obligation to report any signs of system dangers that might result in serious
personal or social damage. If one's superiors do not act to curtail or
mitigate such dangers, it may be necessary to "blow the whistle"
to help correct the problem or reduce the risk. However, capricious or
misguided reporting of violations can, itself, be harmful. Before reporting
violations, all relevant aspects of the incident must be thoroughly assessed.
In particular, the assessment of risk and responsibility must be credible.
It is suggested that advice be sought from other computing professionals.
See principle
2.5 regarding thorough evaluations.

Honesty is an essential component of trust. Without trust an organization
cannot function effectively. The honest computing professional will not
make deliberately false or deceptive claims about a system or system design,
but will instead provide full disclosure of all pertinent system limitations
and problems.

A computer professional has a duty to be honest about his or her own
qualifications, and about any circumstances that might lead to conflicts
of interest.

Membership in volunteer organizations such as ACM may at times place
individuals in situations where their statements or actions could be interpreted
as carrying the "weight" of a larger group of professionals.
An ACM member will exercise care to not misrepresent ACM or positions and
policies of ACM or any ACM units.

The values of equality, tolerance, respect for others, and the principles
of equal justice govern this imperative. Discrimination on the basis of
race, sex, religion, age, disability, national origin, or other such factors
is an explicit violation of ACM policy and will not be tolerated.

Inequities between different groups of people may result from the use
or misuse of information and technology. In a fair society,all individuals
would have equal opportunity to participate in, or benefit from, the use
of computer resources regardless of race, sex, religion, age, disability,
national origin or other such similar factors. However, these ideals do
not justify unauthorized use of computer resources nor do they provide
an adequate basis for violation of any other ethical imperatives of this
code.

1.5 Honor property rights including copyrights and patent.

Violation of copyrights, patents, trade secrets and the terms of license
agreements is prohibited by law in most circumstances. Even when software
is not so protected, such violations are contrary to professional behavior.
Copies of software should be made only with proper authorization. Unauthorized
duplication of materials must not be condoned.

1.6 Give proper credit for intellectual property.

Computing professionals are obligated to protect the integrity of intellectual
property. Specifically, one must not take credit for other's ideas or work,
even in cases where the work has not been explicitly protected by copyright,
patent, etc.

1.7 Respect the privacy of others.

Computing and communication technology enables the collection and exchange
of personal information on a scale unprecedented in the history of civilization.
Thus there is increased potential for violating the privacy of individuals
and groups. It is the responsibility of professionals to maintain the privacy
and integrity of data describing individuals. This includes taking precautions
to ensure the accuracy of data, as well as protecting it from unauthorized
access or accidental disclosure to inappropriate individuals. Furthermore,
procedures must be established to allow individuals to review their records
and correct inaccuracies.

This imperative implies that only the necessary amount of personal
information be collected in a system, that retention and disposal periods
for that information be clearly defined and enforced, and that personal
information gathered for a specific purpose not be used for other purposes
without consent of the individual(s). These principles apply to electronic
communications, including electronic mail, and prohibit procedures that
capture or monitor electronic user data, including messages,without the
permission of users or bona fide authorization related to system operation
and maintenance. User data observed during the normal duties of system
operation and maintenance must be treated with strictest confidentiality,
except in cases where it is evidence for the violation of law,
organizational regulations, or this Code. In these cases, the nature or
contents of that information must be disclosed only to proper authorities.

1.8 Honor confidentiality.

The principle of honesty extends to issues of confidentiality of information
whenever one has made an explicit promise to honor confidentiality or,
implicitly, when private information not directly related to the performance
of one's duties becomes available. The ethical concern is to respect all
obligations of confidentiality to employers, clients, and users unless
discharged from such obligations by requirements of the law or other principles
of this Code.

2.1 Strive to achieve the highest quality, effectiveness and dignity
in both the process and products of professional work.

Excellence is perhaps the most important obligation of a professional.
The computing professional must strive to achieve quality and to be cognizant
of the serious negative consequences that may result from poor quality
in a system.

2.2 Acquire and maintain professional competence.

Excellence depends on individuals who take responsibility for acquiring
and maintaining professional competence. A professional must participate
in setting standards for appropriate levels of competence, and strive to
achieve those standards. Upgrading technical knowledge and competence can
be achieved in several ways:doing independent study; attending seminars,
conferences, or courses; and being involved in professional organizations.

2.3 Know and respect existing laws pertaining to professional work.

ACM members must obey existing local, state,province, national, and
international laws unless there is a compelling ethical basis not to do
so. Policies and procedures of the organizations in which one participates
must also be obeyed. But compliance must be balanced with the recognition
that sometimes existing laws and rules may be immoral or inappropriate
and, therefore, must be challenged. Violation of a law or regulation may
be ethical when that law or rule has inadequate moral basis or when it
conflicts with another law judged to be more important. If one decides
to violate a law or rule because it is viewed as unethical, or for any
other reason, one must fully accept responsibility for one's actions and
for the consequences.

2.4 Accept and provide appropriate professional review.

Quality professional work, especially in the computing profession, depends
on professional reviewing and critiquing. Whenever appropriate, individual
members should seek and utilize peer review as well as provide critical
review of the work of others.

Computer professionals must strive to be perceptive, thorough, and objective
when evaluating, recommending, and presenting system descriptions and alternatives.
Computer professionals are in a position of special trust, and therefore
have a special responsibility to provide objective, credible evaluations
to employers, clients, users, and the public. When providing evaluations
the professional must also identify any relevant conflicts of interest,
as stated in imperative
1.3.

As noted in the discussion of principle
1.2 on avoiding harm, any signs of danger from systems must be reported
to those who have opportunity and/or responsibility to resolve them. See
the guidelines for imperative
1.2 for more details concerning harm,including the reporting of professional
violations.

2.6 Honor contracts, agreements, and assigned responsibilities.

Honoring one's commitments is a matter of integrity and honesty. For
the computer professional this includes ensuring that system elements perform
as intended. Also, when one contracts for work with another party, one
has an obligation to keep that party properly informed about progress toward
completing that work.

A computing professional has a responsibility to request a change in
any assignment that he or she feels cannot be completed as defined. Only
after serious consideration and with full disclosure of risks and concerns
to the employer or client, should one accept the assignment. The major
underlying principle here is the obligation to accept personal accountability
for professional work. On some occasions other ethical principles may take
greater priority.

A judgment that a specific assignment should not be performed may not
be accepted. Having clearly identified one's concerns and reasons for that
judgment, but failing to procure a change in that assignment, one may yet
be obligated, by contract or by law, to proceed as directed. The computing
professional's ethical judgment should be the final guide in deciding whether
or not to proceed. Regardless of the decision, one must accept the responsibility
for the consequences.

However, performing assignments "against one's own judgment"
does not relieve the professional of responsibility for any negative consequences.

Computing professionals have a responsibility to share technical knowledge
with the public by encouraging understanding of computing, including the
impacts of computer systems and their limitations. This imperative implies
an obligation to counter any false views related to computing.

2.8 Access computing and communication resources only when authorized
to do so.

Theft or destruction of tangible and electronic property is prohibited
by imperative
1.2 - "Avoid harm to others." Trespassing and unauthorized
use of a computer or communication system is addressed by this imperative.
Trespassing includes accessing communication networks and computer systems,
or accounts and/or files associated with those systems, without explicit
authorization to do so. Individuals and organizations have the right to
restrict access to their systems so long as they do not violate the discrimination
principle (see
1.4). No one should enter or use another's computer system, software,
or data files without permission. One must always have appropriate approval
before using system resources, including communication ports, file
space, other system peripherals, and computer time.

BACKGROUND NOTE:This section draws extensively from the draft
IFIP Code of Ethics,especially its sections on organizational ethics and
international concerns. The ethical obligations of organizations tend to
be neglected in most codes of professional conduct, perhaps because these
codes are written from the perspective of the individual member. This dilemma
is addressed by stating these imperatives from the perspective of the organizational
leader. In this context"leader" is viewed as any organizational
member who has leadership or educational responsibilities. These imperatives
generally may apply to organizations as well as their leaders. In this
context"organizations" are corporations, government agencies,and
other "employers," as well as volunteer professional organizations.

3.1 Articulate social responsibilities of members of an organizational
unit and encourage full acceptance of those responsibilities.

Because organizations of all kinds have impacts on the public, they
must accept responsibilities to society. Organizational procedures and
attitudes oriented toward quality and the welfare of society will reduce
harm to members of the public, thereby serving public interest and fulfilling
social responsibility. Therefore,organizational leaders must encourage
full participation in meeting social responsibilities as well as quality
performance.

3.2 Manage personnel and resources to design and build information
systems that enhance the quality of working life.

Organizational leaders are responsible for ensuring that computer systems
enhance, not degrade, the quality of working life. When implementing a
computer system, organizations must consider the personal and professional
development, physical safety, and human dignity of all workers. Appropriate
human-computer ergonomic standards should be considered in system design
and in the workplace.

3.3 Acknowledge and support proper and authorized uses of an organization's
computing and communication resources.

Because computer systems can become tools to harm as well as to benefit
an organization, the leadership has the responsibility to clearly define
appropriate and inappropriate uses of organizational computing resources.
While the number and scope of such rules should be minimal, they should
be fully enforced when established.

3.4 Ensure that users and those who will be affected by a system
have their needs clearly articulated during the assessment and design of requirements;
later the system must be validated to meet requirements.

Current system users, potential users and other persons whose lives
may be affected by a system must have their needs assessed and incorporated
in the statement of requirements. System validation should ensure compliance
with those requirements.

3.5 Articulate and support policies that protect the dignity of users
and others affected by a computing system.

Designing or implementing systems that deliberately or inadvertently
demean individuals or groups is ethically unacceptable. Computer professionals
who are in decision making positions should verify that systems are designed
and implemented to protect personal privacy and enhance personal dignity.

3.6 Create opportunities for members of the organization to learn
the principles and limitations of computer systems.

This complements the imperative on public understanding (2.7).
Educational opportunities are essential to facilitate optimal participation
of all organizational members. Opportunities must be available to all members
to help them improve their knowledge and skills in computing, including
courses that familiarize them with the consequences and limitations of
particular types of systems.In particular, professionals must be made aware
of the dangers of building systems around oversimplified models, the improbability
of anticipating and designing for every possible operating condition, and
other issues related to the complexity of this profession.

The future of the computing profession depends on both technical and
ethical excellence. Not only is it important for ACM computing professionals
to adhere to the principles expressed in this Code, each member should
encourage and support adherence by other members.

4.2 Treat violations of this code as inconsistent with membership
in the ACM.

Adherence of professionals to a code of ethics is largely a voluntary
matter. However, if a member does not follow this code by engaging in gross
misconduct, membership in ACM may be terminated.